After reading some of the postings about corporate anti-virus, I began to wonder what number of instances of viruses/malware caught by your solution some of you are seeing in your environment on a monthly basis. I'm also wondering, if you are seeing a high number, are you using web content filtering to prevent users from visiting those naughty sites? In my environment I see about 1 or 2 a month and that's it, and I accredit this to web content filtering. What say you?

I get probably around 700 a month now; we were well over 1000. That is detections, not infections. We are a Health Clinic that has the web filtering done by a 3rd party service for clinics. They use Websense but are not very restrictive unless it is something I want to download or a board I want to look at. I have started implementing McAfee Site Advisor and that has reduced the # of detections. Once it is rolled out completely, then I am expecting a significant drop. Part of the problem is a lot of the detections are from the Dr's and their systems. We are a lot less restrictive of the Dr's for upper management reasons, but I am slowly getting them to see how what they do affects the system and its performance.

Yeah, that is the other issue I have been changing. Before I came in, all users were admins to the local workstations and could and would install pretty much anything they wanted. They actually had a nurses station with games installed. It took a lot to clean it up and I am still working on the last few who say they need admin to run the applications.

More content block URLs than for malware hosting sites for us; either our users like to live on the edge and test the filters or they're all in denial that their internet access is via a proxy... For e-mail we get between 20 - 30 viruses a month and around 4000 blocked as spam (a mixture of nasty and legitimate sales spam).

I would recommend less time and energy on your malware solution and looking to the following...

Hardening of the OS that is on the workstations and the network itself by disabling services as well as creating rules for your firewall to not only block incoming but outgoing traffic except for say http(80)/https(443) (and only to valid/required business partners' sites - malware will "call home" via https and your firewall will let it if your firewall has no outgoing rules and there is no proxy in place, an IDS or IPS won't necessarily catch it because it can't scan the content) from the address of the proxy server and smtp(25) traffic from the address of the mail server, and any other rules for ONLY needed and valid traffic, otherwise deny all, keep the OS's patched and up to date via a WSUS server for Windows environments (free) and make sure everyone is a restricted user rather than being given admin access, use a proxy solution (99.9% of malware is not proxy aware and it will trigger an alert because it will hit your deny all rule on your firewall that only allows port 80 and 443 from your proxy server) and filter/control internet access, filtering and not allowing email attachments before they reach the users.

I know many people will speak to budget and costs, but hardening and disabling of services on workstations costs nothing, nor does securing even the simplest of firewalls. There is a great open source product as well called Untangle that will run on an old workstation that provides filtering and monitoring of internet access among other things.
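
The egress rules described in the post above, as an added example that is not part of the original thread: a default-deny outbound policy that allows 80/443 only from the proxy and 25 only from the mail server, applied to connection attempts so that hosts hitting the deny rule stand out. The addresses and the log line format are constructed for illustration, and the destination allow-list for business partner sites is not modelled.

```python
from collections import Counter

# Assumed addresses, constructed for this example.
PROXY = "10.0.0.10"
MAIL_SERVER = "10.0.0.25"

# Outbound allow-list: (source host, protocol, destination port).
# Anything not listed falls through to the final "deny all" rule.
ALLOW = {
    (PROXY, "tcp", 80),
    (PROXY, "tcp", 443),
    (MAIL_SERVER, "tcp", 25),
}

# Constructed outbound connection attempts: "src dst proto dport".
SAMPLE = """\
10.0.0.10 203.0.113.5 tcp 443
10.0.0.25 198.51.100.7 tcp 25
10.0.1.44 203.0.113.80 tcp 443
10.0.1.44 203.0.113.80 tcp 443
10.0.1.57 198.51.100.9 tcp 25
10.0.1.60 192.0.2.53 udp 53
"""

def evaluate(line):
    """Return (src, dport, action) for one attempt under the egress policy."""
    src, _dst, proto, dport = line.split()
    dport = int(dport)
    action = "allow" if (src, proto, dport) in ALLOW else "deny"
    return src, dport, action

def reason(dport):
    """Explain why a denied attempt is worth an alert."""
    if dport in (80, 443):
        return "web traffic not sent through the proxy"
    if dport == 25:
        return "SMTP not sent through the mail server"
    return "traffic with no business rule"

def denied_egress(log_text):
    """Count denied attempts per (source host, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        if line.strip():
            src, dport, action = evaluate(line)
            if action == "deny":
                hits[(src, dport)] += 1
    return hits

if __name__ == "__main__":
    for (src, dport), n in sorted(denied_egress(SAMPLE).items()):
        print(f"ALERT {src} -> port {dport} x{n}: {reason(dport)}")
```
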

I manage a network with 10 servers and 250 PCs. Knock on wood, I haven't had a virus infect a PC for 5 years, but adware and junk software I fight monthly. I probably do around 10 system rebuilds a year because of that. Most of the PCs, around 200, are locked down, and I never have an issue with them. It is upper management PCs that want the freedom to go anywhere and install anything that I have to rebuild. I have ghost images now of all of these PCs that automatically get imaged each month. I save 3 months of images. Huge time saver.

Kudos on the plan Doug, will have to steal that idea when my users start going on a download rampage...
